From 0a59ea5e0b2ce466bfd35c9e700094bf09a0310d Mon Sep 17 00:00:00 2001
From: Nelson Elhage
Date: Thu, 17 Feb 2011 20:55:12 -0500
Subject: [PATCH] cgrulesengd: Ignore netlink messages that don't come from the kernel.

recvfrom() returns the address, it doesn't filter the packet based on the sender. We need to explicitly check the received address after the call happens.

Signed-off-by: Nelson Elhage
Signed-off-by: Jan Safranek
---
 src/daemon/cgrulesengd.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 10fd2cd7..5a965fd6 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -503,17 +503,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
 struct sockaddr_nl from_nla; socklen_t from_nla_len; struct nlmsghdr *nlh; - struct sockaddr_nl kern_nla; struct cn_msg *cn_hdr; - kern_nla.nl_family = AF_NETLINK; - kern_nla.nl_groups = CN_IDX_PROC; - kern_nla.nl_pid = 1; - kern_nla.nl_pad = 0; - memset(buff, 0, sizeof(buff)); from_nla_len = sizeof(from_nla); - memcpy(&from_nla, &kern_nla, sizeof(from_nla)); recv_len = recvfrom(sk_nl, buff, sizeof(buff), 0, (struct sockaddr *)&from_nla, &from_nla_len); if (recv_len == ENOBUFS) {
@@ -523,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
 if (recv_len < 1) return 0; + if (from_nla.nl_groups != CN_IDX_PROC + || from_nla.nl_pid != 0) + return 0; + nlh = (struct nlmsghdr *)buff; while (NLMSG_OK(nlh, recv_len)) { cn_hdr = NLMSG_DATA(nlh);
-- 
2.47.2
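Review bot: The new sender check in the second hunk reads `from_nla.nl_groups` and `from_nla.nl_pid` without first confirming that recvfrom() filled in a complete netlink address, and the first hunk removes the memcpy that used to pre-initialise `from_nla`, so as far as the hunk shows those fields now depend entirely on what the call wrote. I would put `if (from_nla_len != sizeof(from_nla) || from_nla.nl_family != AF_NETLINK) return 0;` ahead of the group/pid test. A short comment such as `/* nl_pid 0 means the kernel sent it; drop anything from a userspace sender */` would record why the message is discarded, and a debug-level log on the drop path would let operators notice spoofed messages instead of losing them silently. cgre_receive_netlink_msg starts before and continues past this hunk, so the rest of the parsing loop is not covered here.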